If you're a U.S. citizen, as of today you now have a medical today you now have a medicalidentification number.

Some will tell you that your new ID number helps protectyour privacy. And while to some extent it does, theprotections are largely superficial. The disturbing truth isthat your medical privacy is now beyond your control.

For instance, you might see privacy screens placed aroundthe edges of computer monitors to prevent someone fromglancing at your personal medical information. And onceyou've received your new medical ID number, the receptionistmay call you in from the waiting room by your number insteadof your name - a procedure designed to protect your privacyfrom others in the waiting room. (Speaking for myself, thiscompletely impersonal and unnecessary procedure is not aprotection that I've been longing for.)

More importantly, you'll be asked to read a description ofthe new federal regulation that, in theory, is designed toprotect the privacy of your medical records in this new ageof electronic record-keeping and file transfer. And you'llbe asked to sign a document, stating that you've read aboutthe new regulation, understand it, and agree to the newprocedures.

Ready for the kicker? If you don't sign the form, yourdoctor is allowed to refuse to treat you and your insurancecompany is allowed to refuse coverage.

If you're wondering why this new "privacy" that's granted toyou is, in effect, being forced down your throat, the answerlies in the fact that these regulations actually weaken yourability to restrict access to your medical history.

The source of the revised federal medical privacy rule isthe Health Insurance Portability and Accountability Act(HIPAA), passed by Congress in 1996. And I'll offer thisbenefit of the doubt: the original idea that led to this actmay very well have had a good intention to protect theprivacy of our medical records. But something went awry asthis good idea passed through the massive Congressional andregulatory maze. If you roll a snowball down a long muddyhill, you end up with a muddy snowball.

As the rule now stands, doctors, dentists, pharmacists,hospital personnel, and even psychotherapists have to abideby new requirements that can be as simple as providing asecure area for private consultations, or as high tech asencryption software for computer programs. The governmentestimates that healthcare providers will spend as much as $4billion to comply with these measures. And do you imaginethose costs will be passed along to the patients? You can beabsolutely sure of that.

So what will we get in return for all of this bureaucraticeffort and exorbitant expense? Here are a few of therealities of the new "privacy" rule:

* Doctors and insurance companies may now share a patient'shealth information with third parties (including the U.S.Department of Health and Human Services (HHS) withoutasking the patient for permission.* A patient cannot withhold medical information from HHS.* Doctors and insurance companies are not required to givepatients an accounting of third parties with whom theirinformation is shared.* A patient's request for such an accounting can be denied.* Doctors and insurance companies can share a patient'smedical records with the FDA as well as foreigngovernments who may be collaborating with U.S. healthofficials.* If the privacy of a patient's medical records has beenviolated, the patient can issue a complaint to HHS, butthe department is not required to investigate thecomplaint. Furthermore, the patient cannot bring a lawsuitagainst a doctor or an insurance company for a breach ofprivacy.

To say that these regulations shamefully contradict theethic of doctor/patient confidentiality is to put it mildly.That age-old standard is now out the window. But I saved thebest one for last: HHS may now access a patient'sphychotherapy notes. That's right: the most sacrosanct areaof all - the health of your psyche - is now open togovernment examination. They don't have to ask for yourpermission, and they don't have to tell you if they'resharing your most private thoughts with third parties.

What can you do about all this? Frankly, not much. TheStandards for Privacy of Individually Identifiable HealthInformation rule officially went into effect on April 14,2001. The "enforcement" of that rule goes into effect today.

Normally I don't report to you about situations in which youhave no course of action. But even though this new rule issigned, sealed, and (as of today) delivered, there is oneway you can make your voice heard.

The Citizens' Council on Health Care (CCHC - a non-profitorganization that promotes the right of each individual tocontrol his health care decisions) has prepared a formtitled "Declaration of Medical Privacy Intent." You canprint out this form from their web site (cchconline.org),fill in the appropriate information, and then instruct yourdoctor, psychologist, pharmacist, and insurance companies toinclude the form with your permanent records. Or, if youdon't feel comfortable using the CCHC form, you can write aletter declaring that you do not wish to have your privatemedical information shared with any third parties withoutyour written consent.

What authority this letter or the CCHC form might carry isquestionable. It's certainly possible that someone might seeit and respect your wishes. And I imagine that at some pointpush will come to shove and the legality of this new rulewill be tested in court. In that case, a written declarationinsisting that your medical records remain private couldcarry weight in a legal proceeding. I should know better,but I find it hard to believe that any judge sworn to upholdthe U.S. Constitution would deny a patient his right todoctor/patient confidentiality.

But then, I find it hard to believe that this new rule isbeing allowed to trample our basic right to privacy in thefirst place. Laura Sherrill, a hospital administrator incharge of medical records, told the Honolulu Star Bulletinlast week, "From now on, it's going to be a new world." Ihope she's wrong, but I'm afraid she's right.